From 19bc90f91111f9d02e5e68fcdb4135913b9569eb Mon Sep 17 00:00:00 2001
From: adisbladis <adis@blad.is>
Date: Fri, 20 Apr 2018 02:07:16 +0800
Subject: bazaar: Fix CVE-2017-14176

---
 pkgs/applications/version-management/bazaar/default.nix | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

(limited to 'pkgs/applications/version-management')

diff --git a/pkgs/applications/version-management/bazaar/default.nix b/pkgs/applications/version-management/bazaar/default.nix
index 47d667a0c067..72e010fd283c 100644
--- a/pkgs/applications/version-management/bazaar/default.nix
+++ b/pkgs/applications/version-management/bazaar/default.nix
@@ -1,4 +1,5 @@
 { stdenv, fetchurl, python2Packages
+, fetchpatch
 , withSFTP ? true
  }:
 
@@ -17,8 +18,15 @@ python2Packages.buildPythonApplication rec {
   propagatedBuildInputs = []
   ++ stdenv.lib.optionals withSFTP [ python2Packages.paramiko ];
 
-  # Bazaar can't find the certificates alone
-  patches = [ ./add_certificates.patch ];
+  patches = [
+    # Bazaar can't find the certificates alone
+    ./add_certificates.patch
+    (fetchpatch {
+      url = "https://bazaar.launchpad.net/~brz/brz/trunk/revision/6754";
+      sha256 = "0mdqa9w1p6cmli6976v4wi0sw9r4p5prkj7lzfd1877wk11c9c73";
+      name = "CVE-2017-14176.patch";
+    })
+  ];
   postPatch = ''
     substituteInPlace bzrlib/transport/http/_urllib2_wrappers.py \
       --subst-var-by certPath /etc/ssl/certs/ca-certificates.crt
-- 
cgit 1.4.1